Netgate Discussion Forum

    VPN tunnel dies on IP update

    • phospher

      why is it that my vpn tunnels die whenever the ip address changes on one end of the tunnel? yes, i am specifying my dyndns hostname on both ends of the tunnel in the ipsec configuration. restarting vpn on one end of the tunnel does not seem to resolve the issue. when this happens a reboot seems to fix it but rebooting the firewall every other week is not a viable solution.

      i'm running pfsense 1.2.3-RC1.

      thanks!

      • phospher

        the problem looks to be that when side 1's ip address changes side 2 only updates the tunnel with the subnet of the LAN interface. i have several other tunnels with different subnets behind the pfsense box that never get updated. in fact, it keeps trying to connect to the old ip address on tunnels that are different than the LAN interface.

        • databeestje

          Found the issue, it's fixed. I ran into this as well. If you have multiple tunnels with dyndns that can break.

          • phospher

            is that fixed in the latest snapshot then?

            thanks!

            • databeestje

              Note that when one end of the tunnel gets a new IP address, the old policies will need to be purged before new ones can be established.

              That's normal. If I understood you correctly this was specific to a 2nd tunnel to the same host, correct?

              • XZed

                @databeestje:

                Note that when one end of the tunnel gets a new IP address, the old policies will need to be purged before new ones can be established.

                Hello,

                i started a new topic and, in my case, i noticed what you said…

                perhaps you have an idea for my problem?

                http://forum.pfsense.org/index.php/topic,18490.0.html

                Sincerely,

                • phospher

                  If I understood you correctly this was specific to a 2nd tunnel to the same host, correct?

                  yes, that sounds correct. i have a normal site-to-site ipsec vpn with the pfsense boxes being the end points. then, on top of that i have several routers and subnets behind each end of the ipsec vpn firewalls. i've created a vpn tunnel for each additional subnet to permit traffic between the interfaces but these are the ones that never automatically get updated. an ipsec restart on the non-changed (ip addy) side gets things running smoothly again. being it's dhcp this happens every few weeks. which makes me think how nice static ips are… but oh yeah, those cost more money.  ::)

                  thanks.

                  • databeestje

                    No worries then, that specific issue is fixed in RC2 snapshots.
